
Archive for the ‘Exchange 2010’ Category

How to track account locked out in TMG 2010 SP2

November 15, 2014

You may start noticing that a few AD accounts are getting locked out in Active Directory and that, according to the monitoring reports, the source is the TMG servers in your environment, which work as a reverse proxy for mobile clients.

An account lockout occurs after several failed authentication attempts that are made by incoming web proxy or web publishing requests (for example, an ActiveSync device that has a user’s old password saved).

To track it, go to Logs & Reports in the TMG array and look for the failed authentication attempts as follows.

  • Run Forefront TMG 2010 console
  • Select Logs & Reports item on the left pane
  • Select Logging tab on the center pane
  • Select Tasks tab on the right pane
  • Select Edit Filter under Logging task

At this point the TMG logs cannot be used to identify the source of the request, so you still cannot find any denied connection or the device details that may be causing the account lockout.

By default, the change in behavior is not enabled, and the following script should be run to enable the new behavior. After you enable the new behavior, TMG will log the username that is associated with a failed logon attempt in the Username field as follows, instead of being logged as Anonymous:

domain\username (!)

Go through the KB article below to enable the script for searching failed logins.

http://support2.microsoft.com/kb/2592929

Now you can see the log report below, which shows several denied connections.

You can also see more information about the device by expanding the "Additional Information" section of one of the log entries.
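Once the username is logged with the "(!)" marker, the failed logons can be grouped by account, client IP and device to find the device that still holds an old password. The following is an added example, not part of the original post or of the KB script; the function name, the column names (ClientIP, Username, ClientAgent, Result) and the sample rows are constructed, so map them to the columns you export from the TMG log viewer.

```powershell
# Requires PowerShell 3.0 or later. The sample rows are constructed and the
# column names are assumptions, not the actual TMG export format.
$sample = @'
ClientIP,Username,ClientAgent,Result
203.0.113.10,EXAMPLE\jsmith (!),Apple-iPhone4C1/1104.201,Denied
203.0.113.10,EXAMPLE\jsmith (!),Apple-iPhone4C1/1104.201,Denied
198.51.100.7,EXAMPLE\jsmith,Apple-iPad3C1/1102.55,Allowed
203.0.113.44,EXAMPLE\adoe (!),Android-EAS/1.3,Denied
192.0.2.15,anonymous,Mozilla/5.0,Denied
'@

function Get-TmgFailedLogon {
    param([Parameter(Mandatory)] [object[]] $LogRow)

    $failed = foreach ($row in $LogRow) {
        # With the new behavior enabled, a failed logon is logged as
        # "domain\username (!)" instead of Anonymous.
        if ($row.Username -match '^(?<user>.+?)\s*\(!\)\s*$') {
            [pscustomobject]@{
                User     = $Matches['user']
                ClientIP = $row.ClientIP
                Agent    = $row.ClientAgent
            }
        }
    }

    # One output row per account/client/device combination, worst first.
    $failed | Group-Object User, ClientIP, Agent | ForEach-Object {
        [pscustomobject]@{
            Failures = $_.Count
            User     = $_.Group[0].User
            ClientIP = $_.Group[0].ClientIP
            Agent    = $_.Group[0].Agent
        }
    } | Sort-Object Failures -Descending
}

Get-TmgFailedLogon -LogRow ($sample | ConvertFrom-Csv) | Format-Table -AutoSize
```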


Message Tracking log with multiple Transport Server

Several blogs explain how to track an email message across multiple HUB transport servers placed behind a hardware load balancer such as F5.

I was doing the same and thought I would put it here for my reference 🙂 !!!

1: Tracking a message with the subject "WHAT'S NEW" on a single HUB transport server.

Get-MessageTrackingLog -Start "5/8/2014 12:00 AM" -MessageSubject "WHAT'S NEW" -EventID Receive | Select ServerHostName,Timestamp,Recipients

2: Tracking a message with the subject "WHAT'S NEW" on multiple HUB transport servers.

Get-TransportServer HUBServer* | Get-MessageTrackingLog -Start "5/8/2014 12:00 AM" -MessageSubject "WHAT'S NEW" -EventID Receive | Select ServerHostName,Timestamp,Recipients

3: Tracking a message with the subject "WHAT'S NEW" on multiple HUB transport servers in ascending timestamp order.

Get-TransportServer HUBServer* | Get-MessageTrackingLog -Start "5/8/2014 12:00 AM" -MessageSubject "WHAT'S NEW" -EventID Receive | Sort Timestamp | Select ServerHostName,Timestamp,Recipients

Note : Please change HUB server name and time according to your environment.

Relay Application Server SMTP Traffic is getting time out

I was dealing with an email relay application which was sending 5000-10000 newsletters in one shot to internal and external recipients.

The application team complained that the distribution often fails with the error below and asked for a check from the Exchange side. This kind of behavior has been seen especially in Exchange 2010 environments because of the shadow redundancy feature, while it works well with Exchange 2007 servers.

Error which received in application :

—————————————————————————————————————————–

System.Net.Mail.SmtpException: The operation has timed out.
   at System.Net.Mail.SmtpClient.Send(MailMessage message)

—————————————————————————————————————————-

Resolution :

The delayed acknowledgement time-out is controlled by the MaxAcknowledgementDelay attribute of each Receive connector. The default value is 30 seconds.

In my case we have created a custom receive connector called "Email Relay" which accepts relay emails from the application. The application IP address is already added as a source of the receive connector. I will not talk too much about how we configure a custom receive connector in Exchange 2010.

To resolve this, the receive connector attributes were changed to new values, including the MaxAcknowledgementDelay attribute.

Old Settings :

MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress

New Settings :

MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 100
MaxInboundConnectionPercentagePerSource : 20
TarpitInterval                          : 00:00:00
MaxAcknowledgementDelay                 : 00:00:00
MessageRateLimit                        : unlimited
MessageRateSource                       : None

Use below cmdlet to change it:

Set-ReceiveConnector "HUB server\EMail Relay" -MaxAcknowledgementDelay 0 -TarpitInterval 0 -MessageRateSource None

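Note – Although disabling delayed acknowledgements for a Receive connector increases SMTP throughput, it also means that you no longer benefit from the features provided by shadow redundancy. For this reason, Microsoft recommends the use of storage hardware redundancy for transport servers on which delayed acknowledgements are disabled. Setting TarpitInterval to 0 and MessageRateSource to None likewise switches off the connector's tarpit delay and message rate tracking, so keep the connector's source restricted to the application IP address. Whether to make such changes is a decision for your IT management.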

A good approach is to first lower the value and then verify whether SMTP throughput still suffers and, if it does, then disable the feature completely.

Hope the above information helps you 🙂

Read some more information:

Mike : http://mikecrowley.wordpress.com/2010/07/24/delayed-smtp-acknowledgement/

TechNet : http://technet.microsoft.com/en-us/library/hh529935(v=exchg.141).aspx

 

 

 

Categories: Exchange 2010

Microsoft Diagnostics Services—Self-Help

November 30, 2013

The "Fix it Center Pro" name and its associated portal are now retired and have been replaced by the Microsoft Diagnostics Services—Self-Help portal. The new portal is an automated troubleshooting service from Microsoft. This service can help make it easier to identify solutions to problems with Microsoft applications. Microsoft Diagnostics Services—Self-Help uses targeted analysis sessions to scan your system and identify solutions for specific problem areas. The results are uploaded to Microsoft servers to be processed and to identify any known issues. If a known issue is found, a message is displayed that explains the steps that you can take to resolve the problem.

Want to go to the link? Go here

Volume Shadow Copy Service error event ID 12292

September 20, 2013

Since we changed the SAN switch for one of our Exchange 2010 DAG nodes, it started to log event ID 12292 and VSS backup stopped working for this node.

I used the commands below to make sure the Exchange replication writer and the providers are working fine.

Vssadmin list writers

Vssadmin list providers

I started looking at the registry values of the VSS provider and comparing them with the other DAG nodes, which were working normally. During the comparison, I found that the "Start" DWORD value was showing the data value "0x00000004".

On the other DAG nodes this value was "0x00000002" under "HKLM\SYSTEM\CurrentControlSet\Services\swprv".

If you run into the same kind of issue, I would suggest verifying the registry values against a working server for the keys below.

1. On the Exchange server, run regedit and verify the following two registry keys. Make sure they are the same as on another working server:

HKLM\SYSTEM\CurrentControlSet\Services\VSS\Providers

HKLM\SYSTEM\CurrentControlSet\Services\swprv

2. Please Reboot Exchange server in Off-Business hours.

3. After reboot, please try to backup Exchange using Windows Server Backup tool.  Check if it is successful.
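The comparison in step 1 can be scripted instead of done by eye in regedit. The following is an added example, not part of the original post; the function name and the CSV file names are hypothetical, and the registry paths are the two keys from step 1 written out in full.

```powershell
# Requires PowerShell 3.0 or later; run in an elevated session on each DAG node.
function Get-VssRegistrySnapshot {
    $base       = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    # Start type of the two services behind the keys named in step 1.
    foreach ($svc in 'VSS', 'swprv') {
        $start = (Get-ItemProperty -Path "$base\$svc" -Name Start).Start
        [pscustomobject]@{
            Server = $env:COMPUTERNAME
            Item   = "$svc\Start"
            Value  = '0x{0:X8} ({1})' -f $start, $startNames[[int]$start]
        }
    }

    # Registered VSS providers: subkey name (GUID) and its default value (provider name).
    Get-ChildItem -Path "$base\VSS\Providers" | ForEach-Object {
        [pscustomobject]@{
            Server = $env:COMPUTERNAME
            Item   = "Provider $($_.PSChildName)"
            Value  = [string]$_.GetValue('')
        }
    }
}

# On each node, save a snapshot:
#   Get-VssRegistrySnapshot | Export-Csv "$($env:COMPUTERNAME)-vss.csv" -NoTypeInformation
# Then compare the failing node with a working one (file names are placeholders):
#   Compare-Object (Import-Csv .\GOOD-vss.csv) (Import-Csv .\BAD-vss.csv) -Property Item, Value
Get-VssRegistrySnapshot | Format-Table -AutoSize
```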

If you are still not able to get this working, as a last resort you can try re-registering the VSS DLLs.

Re-registering VSS DLLs

cd /d %windir%\system32
net stop vss
net stop swprv
regsvr32 /s ole32.dll
regsvr32 /s oleaut32.dll
regsvr32 /s vss_ps.dll
vssvc /register
regsvr32 /s /i swprv.dll
regsvr32 /s /i eventcls.dll
regsvr32 /s es.dll
regsvr32 /s stdprov.dll
regsvr32 /s vssui.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml4.dll
vssvc /register
net start swprv
net start vss

It does help in getting the VSS service to function properly.

A myth – Removing GC/DC and Exchange CRY

September 9, 2013

Over the weekend I was working with a friend, helping him remove his existing GC/DC, and saw some interesting Exchange behavior which I thought I would note here, as it may benefit people who are stuck in such an environment.

Current Setup

The environment has only one Windows 2008 server with all FSMO roles installed, and on top of that the Exchange 2010 CAS, MBX and HUB roles are also installed (I know it's not recommended 🙂).

Requirement

They had installed Exchange 2010 SP2 on a Windows 2008 R2 server, configured all the roles, and migrated all mailboxes, public folders, etc. to the new server successfully.

They installed one new DC (Windows 2008) and configured it as a GC with replicated DNS. Everything seemed to work on the new DC as expected.

Now the real fun starts. If you look at various blog posts and TechNet forum discussions, lots of MVPs and experts advise using the cmdlet "Set-ExchangeServer" to point Exchange at the new DC/GC statically. I agree it's a good cmdlet, and it helps the Exchange administrator avoid downtime while telling Exchange to talk to the new DC/GC.

BUT what if someone changes the DC/GC for whatever reason, or it becomes unavailable for an extended period of time, or worse, someone decides to decommission the server without telling you (happens all the time!)? This would cause the Exchange server to try binding to a non-existent DC/GC. And if you then want to remove the static entry, you can't, because EMS does not start.

To avoid this issue and let Exchange connect to the new DC/GC by itself, you need to allow Exchange a minimum of 30-45 minutes. During this time lots of events will be generated, as below.

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1111).
The Exchange Active Directory Provider will discover the new DCs and show them in the event log (Event ID 2080). Let's concentrate on this event now.

(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
DC-OLD.ABC.local CDG 1 7 7 1 0 1 1 7 1
DC01.ABC.local CDG 1 7 7 1 0 1 1 7 1

As you can see above, the SACL value of both DCs is '1', which indicates that both DCs are working as GCs now. Now it's time to shut down or disconnect the old DC from the network. Wait for 30 minutes and observe the event logs. Go to the Exchange server and restart the Exchange AD Topology service, which stops all services one by one and then starts them again. Once all services are started, you can confirm that the new Exchange server is talking to the new DC.

Now wait for a couple of days and proceed with the Exchange and DC/GC removal.

Note: In some cases it has been observed that the SACL value does not show 1 for the new DC, which causes Exchange to go down. To resolve this: in the Default Domain Controller policy AND the Default Domain Policy, under Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment, the policy "Manage auditing and security log" must have the Exchange Servers group added. This was not added in this environment. Once it was added, the SACL value above changed to "1" and the Exchange services started correctly.
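The Event ID 2080 table can be parsed so that the SACL right column is checked for every DC before the old one is taken offline. This is an added example, not part of the original post; the function and property names are hypothetical, and the DC02 line is constructed to show the failure case described in the note.

```powershell
# Requires PowerShell 3.0 or later.
# The first two data lines are from the post; DC02 is a constructed line that
# shows the failure case (SACL right = 0).
$eventText = @'
In-site:
DC-OLD.ABC.local CDG 1 7 7 1 0 1 1 7 1
DC01.ABC.local CDG 1 7 7 1 0 1 1 7 1
DC02.ABC.local CDG 1 7 7 1 0 0 1 7 1
'@

function ConvertFrom-Event2080 {
    param([Parameter(Mandatory)] [string] $Text)

    # Column order as given in the event header quoted in the post.
    $fields = 'Roles', 'Enabled', 'Reachability', 'Synchronized', 'GCCapable',
              'PDC', 'SaclRight', 'CriticalData', 'Netlogon', 'OSVersion'

    foreach ($line in ($Text -split '\r?\n')) {
        $parts = $line.Trim() -split '\s+'
        # Skip headings such as "In-site:" and blank lines.
        if ($parts.Count -ne ($fields.Count + 1)) { continue }

        $dc = [ordered]@{ Server = $parts[0] }
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $dc[$fields[$i]] = $parts[$i + 1]
        }
        [pscustomobject]$dc
    }
}

$dcs = ConvertFrom-Event2080 -Text $eventText
$dcs | Format-Table Server, Roles, Reachability, GCCapable, SaclRight, Netlogon -AutoSize

# DCs whose SACL right is not 1: check that the Exchange Servers group holds
# "Manage auditing and security log" before relying on these DCs.
$dcs | Where-Object { $_.SaclRight -ne '1' } | Select-Object -ExpandProperty Server
```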

So, why the Set-ExchangeServer cmdlet? 🙂

Dude, I only want to export “Dumpster” in New-MailboxExportRequest

To export only the "Dumpster" items of a mailbox in Exchange 2010 SP2/SP3, you can use the cmdlets below.

Export cmdlet:
[PS] C:\>New-MailboxExportRequest -Mailbox AliasMBX -FilePath \\anil04\Share\Dumpster.pst -IncludeFolder "#Recoverable Items/Deletions#"

To see the export status:

[PS] C:\>Get-MailboxExportRequest -Identity AliasMBX\MailboxExport

To import the items back into the Dumpster:

[PS] C:\>New-MailboxImportRequest -Mailbox AliasMBX -FilePath \\anil04\Share\Dumpster.pst -IncludeFolder "#Recoverable Items/Deletions#" -TargetRootFolder "Dumpster"
